Headless browsers have become indispensable tools for security teams, researchers, and attackers focusing on web applications. Tools like PhantomJS enable anyone to automatically interact with highly dynamic websites and to perform many types of automated attacks. This presentation will dive into headless browser detection and spoofing techniques.

+

+

Sergey Shekyan is a Principal Engineer at Shape Security, where he is focused on the development of the new generation web security product. Prior to Shape Security, he spent 4 years at Qualys developing their on demand web application vulnerability scanning service.

+

+

Bei Zhang is a Senior Software Engineer at Shape Security, focused on analysis and countermeasures of automatic web attacks. Previously, he worked at the Chrome team at Google with a focus on the Chrome Apps API. His interests include web security, source code analysis, and algorithms.

+

<br><br>

'''OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.'''''

'''OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.'''''

OWASP Bay Area

Welcome to the Bay Area chapter homepage. Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Speakers

Jasvir Nagra, Google

Sergey Shekyan & Bei Zhang, Shape Security

Headless browsers have become indispensable tools for security teams, researchers, and attackers focusing on web applications. Tools like PhantomJS enable anyone to automatically interact with highly dynamic websites and to perform many types of automated attacks. This presentation will dive into headless browser detection and spoofing techniques.

Sergey Shekyan is a Principal Engineer at Shape Security, where he is focused on the development of the new generation web security product. Prior to Shape Security, he spent 4 years at Qualys developing their on demand web application vulnerability scanning service.

Bei Zhang is a Senior Software Engineer at Shape Security, focused on analysis and countermeasures of automatic web attacks. Previously, he worked at the Chrome team at Google with a focus on the Chrome Apps API. His interests include web security, source code analysis, and algorithms.

OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.

About OWASP Bay Area Chapter

Geographic Area of Bay Area Chapter

The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

Become a Presenter

Notes about OWASP presentations

OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

Chapter Meetings

RSS of all public bay area events (it only contains the next event so don't worry if it's empty when you subscribe)

About Presentation Events

Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

About OWASP Social Hours

The purpose of the OWASP social gathering is:

Informal security chat - the benefits of "hallway con" and security talk with others in the industry

Networking - meet other people in the field and industry

After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact michael.coates@owasp.org

Feb 2014 - San Jose @ Jillians

Feb 2014 - Special Free Training Event

OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.

Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.